The Linux Foundation Projects
Skip to main content
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

RECORDING: OpenChain Germany – 2H 2025 and Beyond – A Strategy Discussion

By News

We Held A Meeting To Discuss Three Things:

  1. To identify what is happening in the country around open source process management
  2.  What we can usefully contribute to increase value in this area for local businesses, projects and government
  3. Any areas of concern that might need global community assistance

Watch the Meeting:

Identified Challenges Faced for the OpenChain Germany Work Group:

Our current challenge is a lack of momentum in our meeting schedule and discussions. The challenge appears to be caused by two things:

  • Lack of time on everyone’s part
  • A wide variety of activities making it difficult to focus energy

Identified Priorities for the German Market:

Suggested Next Steps: 

Discussion Document:

We have created a document to help everyone share ideas (and refine other ideas) about next steps in the country. You can find and add comments to the document here:

RECORDING: OpenChain India – 2H 2025 and Beyond – A Strategy Discussion

By News

We Held A Meeting To Discuss Three Things:

  1. To identify what is happening in the country around open source process management
  2.  What we can usefully contribute to increase value in this area for local businesses, projects and government
  3. Any areas of concern that might need global community assistance

Watch the Meeting:

Identified Challenges Faced for the OpenChain India Work Group:

Our current challenge is a lack of momentum in our meeting schedule and discussions. The challenge appears to be caused by two things:

  • Lack of time on everyone’s part
  • A wide variety of activities making it difficult to focus energy

Identified Priorities for the Indian Market:

Suggested Next Steps:

  • Identify where ISO/IEC 5230 and ISO/IEC 18974 can assist
  • Identify where OpenChain reference material can assist
  • Discuss if we can create new reference material to assist

Discussion Document:

We have created a document to help everyone share ideas (and refine other ideas) about next steps in the country. You can find and add comments to the document here:

RECORDING: OpenChain Monthly Specification and Education Call (North America – Europe) – 2025-07-09

By News

We Discussed:

This was a busy meeting. Lead by Chris Wood (Chair, Specification Work Group), and featuring discussions from Martin Yagi (Chair Education Work Group) and Dave Marr (Co-Chair AI Work Group), we worked through the following agenda:

  1. Introducing new Work Group Chairs
  2. Education Work Group next steps
  3. AI Work Group – Draft AI Compliance Guide public comment period
  4. Specification Work Group – Approvals for updates to standards
  5. and more

Watch the Recording:

Coming Next:

  • With concrete targets for implementing agreed updates to the existing standards;
  • A new outreach beginning to triage further updates to the existing standards;
  • A provisional roadmap for further developing our education material;
  • And a six week window before finalizing a new AI compliance guide;

We have full but focused activity ahead.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Webinar – How we are doing compliance at CARIAD with ORT

By automation, legal, licensing, News, security, Webinar

This webinar covered how the team in VW Group are doing compliance at CARIAD with ORT. Helio Chissini de Castro lead the discussion, and we had some interesting Q&A.

This is an outcome webinar from the OpenChain and Friends event in Stuttgart, Germany during April 2025. This event saw speakers from Germany and beyond come together to share best practices around open source process management, compliance and automation.

Watch the Webinar:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-07-03.

Public Comment Period Announced: Artificial Intelligence System Bill of Materials – Compliance Management Guide for the Supply Chain

By Featured, News
The OpenChain AI Work Group has been considering how to manage AI compliance in the supply chain for over a year. During this time the community has collaboratively produced a draft guide to identify key process points for a quality AI compliance program:

Next Steps:

With approval from the OpenChain Governing Board, the draft ‘The Artificial Intelligence System Bill of Materials: Compliance Management Guide for the Supply Chain’ is now entering a Public Comment Period.

Participate:

This Public Comment period will follow the OpenChain Project process outlined on our website:

YOU CAN SUBMIT A COMMENT BY:

  1. Opening an issue on the OpenChain Project Reference Library GitHub Repository:
    https://github.com/OpenChain-Project/Reference-Material/issues
  2. Emailing the OpenChain AI Work Group mailing list:
    https://lists.openchainproject.org/g/ai
The Public Comment Period will run for six weeks.

THE DEADLINE FOR SUBMISSION OF PUBLIC COMMENTS IS 2025-08-18 AT 04:00 PDT / 11:00 UTC / 13:00 CEST / 20:00 JST.

Please note: THE DRAFT GUIDE IS NOT A PRODUCTION RELEASE OR OFFICIAL RELEASE DOCUMENT FROM THE OPENCHAIN PROJECT. AT THIS JUNCTURE, IT IS WORKING DOCUMENT DESIGNED TO ALLOW INTERESTED PARTIES TO SHARE IDEAS.

ECARX Announces An OpenChain ISO/IEC 5230 Conformant Program

By Featured, News

ECARX is a global automotive technology provider partnering with OEMs to accelerate the future of software-defined vehicles. As OEMs develop new vehicle platforms from the ground up, ECARX is developing a full-stack solutions to enhance the user experience, while reducing complexity and cost.

To date ECARX products have been integrated into more than 8.7 million cars worldwide. Founded in 2017, and listed on the Nasdaq in 2022, it has more than 1,800 team members across Europe, Asia and the Americas working towards one ambition: to redefine the driving experience by making it safer and more enjoyable for everyone.

Webinar – Project OCCTET.eu – The Why, What and How

By automation, community, legal, licensing, News, security, Webinar

This webinar covered an interesting new EU-funded project that brings together various open source tooling for open source security and compliance like Open Source Review Toolkit (ORT) and AboutCode, and other experts in the domain of open source compliance, security and automation. It featured Andreas Kotulla (Bitsea) and Martin von Willebrand (DoubleOpen), and had lively interaction from our audience.

This is an outcome webinar from the OpenChain and Friends event in Stuttgart, Germany during April 2025. This event saw speakers from Germany and beyond come together to share best practices around open source process management, compliance and automation.

Watch the Webinar:

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2025-07-01.

Please welcome our duly elected 2025/2026 chairs for the OpenChain Specification, Education and Telco Work Groups

By Featured, News

We had the OpenChain Governing Board meeting last week, and our community-elected chairs for the OpenChain Specification, Education and Telco Work Groups were formally approved. Their terms begin today, July 1st 2025.

Please welcome:
– Specification: Chris Wood, Lockheed Martin (4th term)
– Education: Martin Yagi, First Light Fusion (1st term)
– Telco: Marc-Etienne Vargenau, Nokia (3rd term)

It is wonderful to have their help, contributions and experience applied to making a more trusted open source supply chain.

We are looking forward to the year ahead! There is a lot to do.

Want to be part of this? Check out our participation page. Everyone is welcome.

RECORDING: OpenChain Q2 2025 Steering Committee Meeting – 2025-06-25

By News

The OpenChain Steering Committee held its Q2 2025 meeting on the 25th of June 2025 to discuss two items:

  1. An ISO periodic review to confirm that ISO/IEC 5230 is relevant, used and will continue to be used. The conformation had previously been agreed by email, and was formally motioned and passed at this meeting.
  2. Community proposals for future updates to ISO/IEC 5230 and ISO/IEC 18974.

The Outcomes

As noted above, there was an administrative matter related to ISO periodic review of ISO/IEC 5230, and this matter was submit to a formal motion and approval as per this meeting.
The second matter tabled consumed the majority of the meeting, and it is outlined in detail below.
The OpenChain Specification Work Group, chaired by Chris Wood and Helio Chissini de Castro (year 1), and then Chris Wood (to-date) underwent a two year and nine month process to (a) gather suggestions from inside and outside the OpenChain Project about potential improvements to ISO/IEC 5230 (license compliance) and ISO/IEC 18974 (security assurance), (b) run a six month public comment period and (c) run a three month freeze period.
These proposed updates went before the OpenChain Steering Committee on the 25th of June 2025 as per our formal processes, and were duly approved. The updates will be released sometime in 2026, with the exact date to be determined.
Provisionally, it is likely to be in Q2 2026, because we (i) need to complete a separate ISO periodic review of ISO/IEC 5230 in 2025, and (ii) we want to ensure plenty of time to formulate and spread a clear message about what to expect in the community updates a little later.
A quick overview is that:
  • (1) The primary change in the updates is adjusting the confirmation of conformance from 18 months to 12 months
  • (2) Alongside language improvements and citation or reference improvements
and
When ISO/IEC 5230 and ISO/IEC 18974 are sent into the update cycle in ISO a few things will happen.
  • (3) There will be a ballot to confirm the adjusted standards
  • (4) The new versions of the standards will get new ISO numbers
It is important to remember that while ISO/IEC 5230 and ISO/IEC 18974 will be superseded by the new versions, the existing ISO/IEC 5230 and ISO/IEC 18974 standards will still be a useful and available option for the supply chain. This will be a key part of our messaging ahead of finalizing a date for release in 2026. It is very important that companies understand that their current procurement cycle can continue, and no quick changes are needed.
Our duty, and our challenge, will be to ensure these expectations are set, communicated and supported by our work in 2H 2025.

The Recording of the Meeting:

The Slides We Used:

OpenChain @ OSS NA – Expanding the OpenChain Standards Portfolio – More Sister Standards? – 2025-06-25

By News

The OpenChain Project had a substantial presence at Open Source Summit North America 2025. We are posting some of our key talks to here to help with community education and discussion.

Expanding the OpenChain Standards Portfolio – More Sister Standards?:

A discussion has opened inside the OpenChain community regarding what future standards may join the existing portfolio of ISO/IEC 5230 for license compliance and ISO/IEC 18974 for security assurance.

The focus of the OpenChain Project is on building trust in the supply chain, and on doing this from the perspective of compliance matters. In the last year, the project has begun to prepare guides for SBOM Quality Management and AI Bill of Material Compliance in the Supply Chain. Both of these read against the project charter and mission.

This talk will explore how these two guides could potentially grown into future ISO standards via the existing practices of the OpenChain Project and lessons learned in making ISO/IEC 18974 in the 2023/2024 period. Rather than announcing new standards, the talk is sharing the processes involved in consideration, to illustrated how open projects address ideas and proposals from all parties in a genuinely inclusive manner.

Slides:

Speakers:

  • Shane Coughlan, General Manager of the OpenChain Project